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> (54) Modal security approach 

(57) An approach for selecting security preferences 
and handling security events in a computer program in- 
volves displaying first and second user interface objects 
via a user interface. The first and second user interface 
objects correspond to first and second user interface 



modes, respectively, for allowing a user to select secu- 
rity preferences and for handling security events. The 
first and second user interface modes support different 
levels of user sophistication and familiarity with security 
preferences and security events in computer programs. 
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Description 

FIELD OF THE INVENTION 

[0001] The present invention relates to data security, 5 
and more 'specifically, to a modal security approach for 
selecting "security preferences and handling security 
events "in computer software. 

.BACKGROUND OF THE INVENTION io 

[0002] Data security can be an important concern in 
computing systems;' particularly in distributed comput- 
ing systems, where data exchanged between locations 
can be susceptible to unauthorized access'by third par- is 
ties. Some distributed computing systems use secure, 
proprietary connections to prevent, or,at least reduce, 
unauthorized access to data exchanged between loca- 
tions. However, secure proprietary connec'tions'are'of- 
ten expensive to install and maintain and do not guar- 20 
ahtee data'security. As a result, many distributed com- 
puting systems employ secure communication proto- 
cols with encryption 'algorithms to protect data ex- 
changed between locations. 

[0003] Data security is an important issue for distrib- 2S 
uted cbmputirigon" the global computing network known 
as the "Internet." Data exchanged between locations via 
the Internet can travel through many different interme- 
diate, and sometimes unknown, locations, making data 
transmitted over the Internet susceptible to unauthor- 30 
ized access. As a result, sensitive data transmitted over 
the Internet is often encrypted to prevent a third party 
from determining the contents of the data One example 
of a secure communication protocol is Netscape Com- 
munications Corporation's Secure Sockets Layer (SSL). 35 

[0004] In computer software, data security character- 
istics or attributes, sometimes referred to as security 
preferences, are sometimes manually selected by a us- 
er using a user interface with pull-down menus and 40 
screens. Examples of security preferences include the 
specific encryption algorithm used and the bit length of 
an encryption key. Many Internet "browsers" have a se- 
curity preferences option which, when "selected, dis- 
plays one or more pull-down menus for selecting secu- *s 
rity preferences. Generally, a 'browser" is a utility pro- 
gram that allows a' user to locate' and retrieve informa- 
tion from networked information services: In the context 
of the Internet, a "browser" is a sbftware^ool'tharallpws 
. jaukec.to.view:web pages. Examples of Internet brows- ...so 
ers include Sun Microsystems' Net Dynamics Browser, 
Microsoft's Internet Explorer and Netscape's Communi- 
cator. 

[0005] In Internet browsers, security preferences are 
typically not organized by importance or user skill level ss 
As a result, users are presented with a plethora of se- 
curity preferences, many of which may not be well.un- 
derstood. For example, in the context of Internet brows- 



ers, users are often presented with a myriad of content- 
related security preferences. and certificate-related se- 
curity preferences that can cause several problems. 
[0006] First, it is often difficult and frustrating for users 
to discern which security preferences are important 
since security, preferences are not usually organized by 
importance.. As a result, users sometimes find them- 
selves navigating through menu after menu of security' 
preferences without being sure of which security p'ref er> 
ences'are the most important. Another problem Js. that' 
all users typically have access to all of the security pref- 
erences. As a "result, it, is easy for novice users to incor-. 
rectly select security.preferences, possibly making : their 
computer insecure. One approach to solve this.problem. 
has been to locate some security preferences on an "ad- 
vanced" screen. However, novice "users are not prevent- 
ed from entering these screens and may actually be en- 
ticed to do so by the "advanced" label. 
[0007] . A related problem with computer. software, and. 
in particularly browsers, is how security events are han- 
dled for users of different skill levels. For example, when 
a user attempts to connect to" a web site and the user's 
browser does not recognize the certifying authority that 
issued a web site's certificate,, the user, is notified and 
presented with various options for responding to the no- . 
tificatron. Typical options include aborting the connec- 
tion attempt and proceeding to connect to the website, 
despite the security warning. One of the problems is that 
security event notifications often include language. and 
terms that are 'unfamiliar to in experienced users. As a 
resuft, inexperienced users may be unsure about how 
to respond to security notifications and may inadvertent- 
ly operate under insecure conditions". 
[0008] Based on the need to configure security pref- 
erences and handle security events in network applica- 
tion software such as Internet browsers, and the limita- 
tions in the prior approaches, an approach for configur- 
ing security preferences and handling security events in 
computer software that avoids the limitations in the ap- 
proaches previously described is highly desirable. ■• • 

SUMMARY OF THE INVENTION 

[0009] Accordingto on e aspect' of th e invent ion, a mo- 
dal' security metribd is provided for selecting security 
preferences and handling security ! events '"in" computer 
software. A first user interface object is displayed' via a 
user interface, wherein the first user interface object is 
associated with a first user interface mode in which a 
first set of one or more user interface objects' is available ^ 
for selecting the security preferences. A second user in- 
terface object is displayed via the user interface, where- 
in the second user interface object is associated with a 
second user interface mode in which a second set of 
one or more user interface objects is available for se- 
lecting the security preferences." A user interaction as- 
sociated with the user interface is detected and a deter- 
mination is made whether the user interaction is asso- 
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ciated withr either the first user interface object ^6r the 
second user interface object, if the user interaction is 
associated with the first user interface object, then' the . 
first user interface -mode is initiated. If the user interac- 
tion is associated with the second user interface object, ' 5 
then the second user interface mode is initiated: 
[0010] According to another aspect of the invention, 
a computer system is' provided for selecting security ; 
preferences and handling security events in computer 
software. The computer system includes a user inter- to 
face, a first user interface object displayed via the user 
interface and a second user interface object displayed 

. via the user interface. The first user interface object is 
associated with a first user interface mode in which a 
first set of one or'more user interface objects is available 15 
for selecting security preferences. The second user in- 
terface object is associated with a second user interface 
mode in which a second set of one or more user inter- 
face objects is available for 'selecting the security pref- 
erences. The computer system' 1 is configured to detect 20 
a user interaction associated with the'user interface, de- 
termine whether the user interaction' is associated with 
either the first user interface object or the second user 
interface object, if the user interaction is associated with 
the first user interface object, then' initiate the first user 25 

} interface mode, and if the user interaction is associated 
with the second user interface object, then initiate the 
second user interface mode. Other aspects and fea- 
tures of the invention will become apparent from the fol- . , 
lowing description and claims " t 30 

BRIEF DESCRIPTION OF THE DRAWINGS. 

[0011] Embodiments of the invention are illustrated by 
. way of example, and not by way of limitation, in the fig- 35 
' ures of the accompanying drawings and in which like 

reference numerals refer to similar elements, and in 

which: 

FIG. 1A is a block diagram illustrating an approach 40 
for selecting security preferences in computer soft- 
ware according to an embodiment of the invention; 
FIG. 1 B is a high-level flow chart illustrating an ap- 
proach for select jhg security preferences in compu- .' 
' i'lQ r software accord in g t o an .embod inri e nt of th e i n - 4 s 
' . vent ion;'. '._ _ , , r , M . . -.: 

~ . FIG. '2 'is a block diagram. illustrating an. approach., 
' for selecting "Warnings" security preferences in a 
basic security administration mode according to an . t j 
— embodiment of theinvention;.. . 50 

FIG. 3 is a block diagram illustrating an approach 
for selecting "Cookies" security preferences in a ba- 
...sic security administration mode. according to an. 
embodiment of the invention; 
s FIG. A is a block diagram illustrating an approach ss 
. for selecting "Cookies" security preferences in an,, 
advanced security administration mode according , 
to an embodiment of the invention. 



FIG. 5 is a block diagram illustrating an approach 
for selecting "Applets/JavaScript" security, prefer- 
ences in an advanced security administration mode 
according to an embodiment of the invention; 
FIG. 6 is a block diagram illustrating an approach, 
for selecting "Applets" security preferences in an 
advanced security administration mode .according 
to an embodiment of the invention; 
FiG. 7 is a block diagram illustrating an approach 
for selecting "Signed Applets" security preferences 
in an advanced security administration mode, ac- 
cording to an embodiment of the invention; 
FIG. 8 is a btock diagram illustrating an approach 
for selecting'" JavaScript" security preferences in an. 
advanced security administration mode according 
to an embodiment of the invention;. 
FIG. 9 is a block diagram ..illustrating an approach 
for selecting' "Special Cases" of "Applets/JavaS: 
'cript' 1 security preferences in an advanced security. 
" administration mode according to an embodiment 
oUhe invention; 

FIG. TO is a block diagram illustrating adding aYiew 
item or editing an existing item from the user inter-, 
face of FIG. 9; . ."" r " ' . '. 
FIG. 11 is a block diagram' illustrating an approach, 
for selecting "Web Sites" security preferences in. an 
advanced security' administration mode according, 
to an embodiment of the invention; . . ... 
FiG, 12 is a block diagram illustrating an approach , 
for selecting "Warnings" security preferences ,in an, 
"'. advanced security administration mode according 
to an embodiment of the invention; 
FIG. 13 is a block diagram illustrating an approach 
for selecting "SSL" security preferences in an ad- T 
vanced security administration mode according to 
an embodiment of the invention; 
FIG. 14 is a block diagram illustrating an approach 
for selecting "Certificate" security preferences in an 
advanced security administration mode according 
to an embodiment of the invention; , . ' 
'FIG. 15 is a block diagram illustrating an approach 
for selecting "Certifying Authorities" security prefer- 
ences in ah advanced security administration mode 
according. to an embodiment of the invention; 
FIG. 16 is a block diagram .illustrating an approach 
for selecting "Web Site Certificate" security prefer- 
ences in an advanced. security administration mode 
accordirig.lo an .embodiment of the invention; . 4 , r . 
FIG. 17 is a block diagram illustrating an approach 
for-seiecting -Soft ware Publishers; security prefer- 
ences in an advanced security administration mode 
according to an embodiment of the invention; 
FIG. 18 is a block diagram illustrating a modal ap- 
proach for handling a security event in a basic user 
interface mode according to an.embodiment of the 
invention; 

FIGS. 1 9-21 are block diagrarrisjllustrating a modal 
approach for handling a security event in an ad- 
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: vanced user i nte rf ace, mod q- according to an em- 
bodiment of the invention; and . . - 
FIG. 22 is a block diagram of a computer system on 
which embodiments of the invention may be imple- 
mented. . ; , - s 

DETAILED DESCRIPTION OF THE INVENTION - 

■ ,[0012] In the following description, for the purposes 
j of explanation, specific details- are set forth in order to iQ 
provide a thorough understanding of the invention. How- 
ever, it will be apparent that the invention may be prac- 

. . ticed without these specific details. In other instances, 
well-known structures and devices are depicted in block 

' diagram form in order to avoid unnecessarily obscuring is 
the invention. ■ - . 

• FUNCTIONAL OVERVIEW - 

[0013]- A modal approach for selecting security .pref- 20 
erences and : handling security events in computer soft- 
ware, according to.an embodiment of the invention, in- 
volves using two. or more user interface modes to select 
security .preferences and handle security events. As 
usod herein, the term "computer software" refers to any 2s 
type of- computer program or instructions which, when 
executed by a computer, cause the computer. to perform 
a particular function. As used herein, the term "user in- 
terface mode" refers to an operational mode that pro- 

- yides.for the exchange of information between a com-. 30~ 
: puter and. a user. This approach allows security prefer- 
ences to. be organized by importance and accommo- 

. dates.users having different skill levels and different lev- 
els of : familiarity with security preferences and handle 
security events. 35 

, [0014], FIG. 1 A is a block diagram illustrating a modal 
approach for selecting security preferences and -han- 
dling security events in computer software according to 
an embodiment of the invention. A user interface 100 
-provides a means of communication between a user 40 
and a computer (not illustrated). User interface lOOmay 
include any mechanism for providing communication 
between a user and a computer and the invention is not 
limited to any particular type of userjnterface 100. For 
example, user interface 100 may incjude a visual display 45" 
such as a cathode ray tube (CRT) and a pointing device 
such as a mouse. As another, example, user interface * ^ 
1 00 may. include speech-. synthesis and speech recog- 
. nition mechanisms..... . . 

[0015] A user interface object. 102 is displayed via us- so 
er interface 100. As used herein, the term "user interface 
object" refers to any object displayed via user interface 
100 that provides for the exchange of information be- 
tween a user and a computer (not illustrated in FIG. 1) 
associated with user interface 100. Hence, as used 55 
herein, a user interface object may convey information 
to a user, accept input from a user, or both convey in- " 
formation to a user and accept input from a user. Exam- 
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pies of user interface objects include, but are not limited 
to, text, menus, buttons, dialog boxes andother graphic- 
based symbols. ^ " 

[0016] . According to one embodiment of the invention, 
user interface object 102 is provided for initiating. a first 
user interface mode for selecting security preferences. 
The first user interface mode is defined by a first set of 
user interface operations and a set of user interface ob- 
jects 1 04 with which a user may interact to select secu- 
rity preferences. Furthermore, according to on e embod- 
iment "of the invention, the first user interface mode is 
specifically designed for users with a first user attribute. 
As used herein, the term "user attribute" refers to any 
characteristic of a user. Examples of user attributes in- 
clude user identities arid user skill level such" as begin- 
ner arid advanced. Thus, the first user interface mode 
may be designed for "basic" or "beginner" users, or us- 
ers that are relatively inexperienced with security pref- 
erences. 

[0017] A second user interface object 106 is also dis- 
played via user interface 100. According to one embod- 
iment of the invention, user interface object 106 is pro- 
vided for initiating a second user interlace mode for se- 
lecting security preferences. The second user interface 
mode is defined by a second set of user interface oper- 
ations and a set of user interface objects 1 08 with which 
a user may interact to select the security "preferences. 
Furthermore, according to one embodiment of the in- 
vention, the second user interface mode' is specifically 
designed for users with a second user attribute. Thus, 
the second user interface mode may be'~designed for 
"advanced" users, or users that are relatively more ex- 
perienced in understanding and/or selecting security 
preferences. , : " 

[0018] FIG. 1 B is a high fevel flowchart 1 50 illustrating 
an approach for selecting security preferences in com- 
puter software according to an embodiment of the in- 
vention. After starting in step 152, in step 154, user in- 
terface objects 102 arid 106 corresponding to the" first 
and second user interface modes, respectively, are dis- 
played via user interface 1 00. 

[0019] According to one embodiment of the invention, 
the first and second user interface modes are imple- 
mented to accommodate users having different skill lev- 
els and "different familiarity with security preferences. 
. For example, the' first user interface mode may' be a "ba- 
sic"' mode to ^accommodate' users having 1 a 'relatively 
lower skill level 'and/or familiarity with security prefer- 
ences J whi!e the second user interface mode is an "ad- 
vanced" mode to accommodate' users having a relative-. . ; 
ly higher skill level and/or familiarity with security pref- 
erences. Accordingly, user interface objects'104 may be 
selected to use relatively basic terminology and provide 
relatively fewer security preference choices than user 
interface objects 108. According" to one embodiment of 
the invention, values for security preferences that are 
not accessible to a user in the basic mode' are automat- 
ically set to specified values. ' ; J 
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' [0020] In step 1 56, a user interaction with* user inter- 
face 100 is detected. In step 1'58, a deter mi hat ion is 
made whetlw the user interaction is associated; with us- 
er interface object 102 associated with the first user in- 
terface mode. If so, then in step 160, the first user inter- 
face mode is initiated to allow a user to specify security 
preferences in the first user interface mode. The proc- 
ess is complete in step 162. 

[0021 ] . If in step 1 58 a determination is made that the 
user interaction is not associated' with user interlace ob- 
ject 102 associated with the first user interface 'mode, 
then in step 164, a determination is made whether'the 
user interaction is associated with user interface object 
106 associated with the second user interface mode. If 
so, then in step 166, the second user interface mode is 
initiated to allow a user to specify security preferences ■ 
'in the second user interlace mode. The process is com- 
plete in step 162. tf in step 164 a determination is made 
that the user interaction isnot associated with user in- 
terface object I06,associated.with the second user in- 
terlace mode, then the process is complete in step 1 62. 

SECURITY ADMINISTRATION MODES 

[0022] ■ The "modal approach for selecting security 
preferences in computer software is now described in 
more detail with reference to FIGS. 2-17. Embodiments 
of the invention. are described hereinafter in the context 
of: (1) a basic security administration mode; and (2) an 
advanced security administration mode for selecting se- 
curity preferences in computer software.. As will be evi- 
dent from, the figures and the following description, the 
basic security administration mode provides relatively 
fewer security preferences than the advanced security 
administration mode. Fewer security preferences re- 
duces the likelihood that.a less experienced user will be 
confused. Fewer security preferences also reduces the 
likelihood that an inexperienced user will operate in an 
unsafe mode. It should be pointed out that the user in- 
terface and user interface objects illustrated in FIGS. 
2-1 7 are provided to aid the reader in understanding the 
various features and aspects of the invention and do not 
necessarily include all features that might be displayed 
via a user interface. For example, it will be. well under- 
, , stood that the.user interlace' illustrated, in .FIQS. 2-17 
might' include additional ."buttons" ' and user interface 
features for "performing various interface, functions that 
are not illustrated or described so' as to not obscure the 
features and aspects of the invention. 

1. Basic Security Administration Mode 

[0023] In general, the basic security administration 
mode is designed to accommodate users having a rel- 
atively lower skill. level and/or familiarity with security 
. preferences. As a result, the user interface objects used 
in the basic security administration mode have relatively 
fewer selections and use less technical supporting text 



than those in the advanced security administration 
mode described hereinafter; ■ 

[0024] FIGS. 2 and 3 are block diagrams illustrating 
- the baisic security administration mode for selecting user 

5 preferences associated with user interface object 102. 
User interface 100 includes a region 110, referred to 
herein as a "sidebar", for displaying categories' of secu- 
rity preferences that can be selected by a user in the 
first user interface mode. In the present example 1 ; side- 

io bar 1 1 0 includes a user interface object 112 associated 
with security preferences categorized as "Warnings.*' 
Sidebar 110 also includes a user interface object 114 
associated with security preferences categorized as 
■' "Cookies." - 

is [0025] " User interface" 100 also includes a^ region 116 
referenced to herein as "dialog area" 1 16 that displays 
information and user interface objects associated with 
a "selected" object from sidebar 110. User interface ob- 
jects may be "selected" and "deselected" by a user in a 

20 variety of ways, for example by manipulating a user in- 
terface pointing device such as a mouse, trackball or 
... . scratchpad, by manipulating a keyboard, or by other- 
wise interacting with user interface 100. In the present/ 1 
example, user interface ' object "1T2, associated with 

25 "Warnings" security preferences, has been selected, as 
indicated by the solid line surrounding user interface ob- 
ject 112. - ' ■' ' /" ' ' 
[0026] ; In the present example, dialog' area 116 in- 
cludes text information 1 18, text information 120 arid se- 

30 lectable objects 122, associated with user interface ob- 
ject 112. Text information 118 provides information 
about the '"Warnings" security preferences associated 
with user interface object 112. Text information' 120 in- 
cludes a list of "Warnings" security preferences that may 

35 be individually selected or deselected by manipulating 
a corresponding interface object from selectable objects 
122. • 

[0027] Referring now to FIG. 3, user interface object 
114, associated with "Cookies" security preferences, 
40 ' has been selected, as indicated by the solid line' sur- 
rounding user interface object 114. Dialog area 116 in- 
cludes text information 1 24, text information 1 26 and se- 
lectable objects 128, associated with user interface ob- 
ject 114. ' Text information 124 provides information 
45 about the "Cookies" security preferences associated 
' "with user" interface object 114. Text information" 1 26 in- 
' eludes a list of "Cookies" security preferences that may 
be individually selected'or deselected by 1 manipulating 
a corresponding interface object from selectable objects 
• 'so-'-\2Q. •' % ' ' — 

2. Advanced Security Administration Mode 

[0028] In general, the advanced security administra- 
ss tion mode is designed to accommodate users having a 
relatively higher skill level and/or familiarity with security 
'preferences. As a result, the advanced security admin- 
istration" mode includes more security preferences and 
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may use more technical supporting text than the basic 
security administration mode. 

[0029] FIGS. 4-17 are block diagrams illustrating the 
advanced security administration mode for selecting us- 
er preferences associated with user interface object 
106. Sidebar 110- includes a user interface object 200 
associated with "Cookies" security preferences and a 
user interface object 202 associated with "Applets/Java- 
Script" -security preferences. Four types -of "Applets/ 
JavaScript" security preferences are provided and are 
associated "with user interface object 204 "Applets", user 
interface object 206 "Signed Applets", user interface ob J 
ject 208 "JavaScript" and user interface object 210 
"Special Cases." 

[0030] Sidebar 110 also includes a user interface ob- 
ject 21 2 associated with "Web Sites" security preferenc- 
e's. "Two types of "Web Sites' security preferences are 
provided and are associated with user interface object 
214 "Warnings" and user interface object 216 "SSL." ~ 
[0031] ' Sidebar' 1 10 also includes a user interface ob- 
ject 218 associated with "Certificates" security prefer- 
ences': Three types of "Certificate" security preferences 
are provided and are associated with user interface ob- 
ject 220 "Certifying Authorities", user interface object 
222 "Web Sites" and user interface object 224 "Software 
Publishers." : ' -•- ""- r • 

[0032] ,; In the'-present example', user interface object 
200 associated with the "Cookie's? security preferences 
has" beeh selected. Accordingly, "dialog area 11 6 1 in- 
cludes text information 226, text information 228 and se- 
lectable objects 230, associated with user interface ob- 
ject ; -200. Text • information 226 provides -information 
about the "Cookies" security preferences associated 
with user interface object 200. Text information 228 in- 
cludes a list 'of "Cookies" security pref erences that may 
•be individually selected or deselected by manipulating 
a" correspond interface object from selectable objects 
'230. 

[0033] - Referring now to FIG. 5, user interface object 
202, associated with "Applets/JavaScript" security pref- 
erences has been selected. Dialog area 116 includes 
text information 232 that provides information about the 
"Applets/JavaScript" security preferences associated 
with user interface object 202.' • ■ • 
[0034] Referring now to FlG>6, user- interlace object 
204, associated witrr'Applets:'security preferences has 
been selected. Dialog area 1 1 6 includes text information 
234,- text information 236; 'text information 238 and se- 
■ lectable objects 240, associated with User interface ob- 
ject 204. Text: information 234 provides information 
about the "Applets" security preferences associated 
with user interface object 204. Text information 236 
specifies a list of "Applets" security preferences that 
may be individually selected or deselected by manipu- 
lating a corresponding interface object from selectable 
objects 240. Text information 238 specifies additional in- 
formation about selecting "Applets" security preferenc- 
es using selectable objects 240. • • . i' ■ 



[0035] • Referring now. to FIG. 7, user interface object 
206, associated with. "Signed Applets" security prefer- 
ences has been selected. Dialog area 116 includes-text 
information 242. text information 244. text information 

5 246 and selectable objects 248, associated- with -user 
interface object 206. Text information 242 provides in- 
formation about the "Signed Applets" security prefer- 
ences associated with user interface object- 206. Text, 
information 244 specifies a list of. "Signed Applet" secu^ 

io rity preferences that' may be individually selected or 
deselected by .manipulating a corresponding interface 
object from selectable objects 248. Text information 246 
specifies additional information about selecting "Ap- 
plets" security preferences using selectable objects 

75 248.- . ■ . - . , ; 

[0036] Referring now to FIG. 8; .user interface object 
208, associated with "JavaScript" security preferences 
has been selected. Dialog area 116 includes textJnfor- 
matbn.250, text information 252,- text infprmation : 254 

20 and selectable-objects 256, associated, with user inter- 
face object 208. Text information 250 provides informa- 
tion about. the "JavaScript" security preferences associ- 
ated with user interface object 208. Text information 252 
specifies a list of "JavaScript" security preferences that 

25 may be- individually. selected or deselected by manipu- 
lating a corresponding interface object from selectable 
objects 256. Text information 254 specifies additional in- 
formation about selecting "JavaScript" security prefer- 
ences-using selectable objects 256. • 

30 [0037] Referring now. to. FIG; 9, user interface. object 
210, associated with ."Special Cases" security prefer- 
ences has been selected. Diajog area 116 includes text 
information 258, a user interface object -260 and user 
interface objects 262.- Text information 258 provides in- 

35 formation about the "Special Case" security preferences 
associated with user interface object 210. User interface 
object 260 is typically referred to as a scrolling window 
for viewing web site identifiers, software publisher cer- 
tificates and certifying authorities for which the security 
"40 mode may be individually selected. User interface ob- 
jects 262 are in the form of action "buttons" for adding 
new items or editing or deletingj existing items in.user 
interface object 260. FIG. 10 is a b toe k.diagrarn. that .il- 
lustrates an exam pie. set of .user interface objects. 264 
■ 45 -.that may be used adding a new item or editing an exist- 
ing item in user interface; object;260 of FIG. 9, TiV; >. v . 
[0038] Referring now to Fl G,. 1 ; 1 , user- interface object 
212, associated with "Web Site" security preferences 
has been selected. Dialog area 116 includes text infor- 

so mation 266 that provides .information about the "Web 
Site" security preferences associated with user inter- 
face object 212. 
■ [0039] Referring now to FIG. 12, user interface object 
214, associated with "Warnings" security preferences 

55 has been selected. Dialog area 116 includes text.infor- 
■, mation 270, text information 272 and selectable objects 
.274, associated with ; user interface object 214. Text in- 
formation 270 .provides information about the "Warn- 
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ings" 1 security "preferences associated with -User inter- 
face object 214. Text information 272 includesia list of 
"Warnings" security preferences that may be individual- 
ly selected or deselected by manipulating the : corre- 
spond interface object from selectable objects 274. 
[0040] Referring now to FIG. 1 3, user interface object 
216, associated with "SSL" security preferences has 
been selected. Dialog area 1 1 6 includes text information 
276 and user interlace objects 27 8.. Text information 276 
provides information about the "SSli" security prefer- 
ences' associated with user interface object 216.\User 
interface objects 273- aliow a user to select particular, 
ciphers to be used by the browser. - '■ - 
[0041] ■ Referring now to FIG. T4, user interface object 
218, associated with "Certificate" security preferences 
has been- selected.'Diaiog area 116 includes text infor- 
mation 280 that explains' the purpose and use of certif- 
icates' for the browser - ' = 
[0042] Referring now to FIG. 15, user interface object 
220, associated with "Certifying Authorities" security 
preferences has" beeYi selected. Dialog area 116 in- 
cludes text information 282 and user interface objects 
284. Text information ; 282 provides information about 
the "Certifying 'Authorities "security preferences associ- 
ated with usor interface object 220. User interface ob- 
jects 284 allow a- user to add (import) new certifying au- 
thority certificates or.toview or delete existing certifying 
authority certificates. ■ • •■ 

[0043] Referring now to FIG. 16, user interface object 
222, associated with 'Web Site" Certificate" security 
preferences' has been selected. Dialog area 116 in- 
cludes text information '286 and user interface objects 
288. Text information 286 provides -information about 
the "Web Site' Certificate" security preferences associ- 
ated with user interface object 222. User interface ob- 
jects 288 allow a user to view and delete certificates 
from secure web sites that have been visited. 
[0044] Referring now to F!G. 17, user interface object 
224, associated with "Software Publisher Certificate" 
security preferences has been selected. Dialog area 
1 1 6 includes text information 290 and user interface ob- 
jects 292. Text information 290 provides information 
about the "Software Publisher Certificate" security pref- 
erences associated with user interface object 224. User 
" interface" objects' 292 ■ allow a. user' to view and - delete 
software publishercertifieates from signed Java applets 
' that have' been accessed. '* ■■>•' - 1 

HANDLING SECURITY EVENTS 

[0045] The modal approach described herein in the 
context of selecting security preferences is also appli- 
cable'to' handling security events. As used herein, the 
: term "security event' refers to any type of event related 
to security and the 1 invention is not limited to any partic- 
ular type- of security event. An example of a security 
n event is a condition that threatens the safety or security 
' of data; Another example of a security event is when a 



user attempts to initiate a financial transaction while, 
connected to an insecure web site. 
[0046] According to an embodiment of an invention,, 
two or more user interface modes are. used to handle 

s security events. Thus, the specific user interface objects 
displayed on user interlace 100 in response to a security 
event, depend upon the particular user .interface mode 
that is in. use at the time the security event occurs. For 
example, in a basic user interface mode, the user irrter- 

io face objects displayed on a user interface in response 
to a security event may use simple language and, offer 
relatively few choices for responding to ,the security 
event. On the other hand, in an advanced user interface 
mode, the user interface objects may use more sophis- 

is ticated language and offer a relatively larger number of 
choices for responding to the security event. - 
[0047] FIG. 18 illustrates a modal approach for han 7 
dling security events using a first user interface mode 
according to an embodiment of the invention. The first 

20 user interface mode is generally associated with begin- 
ner or basic users. In the present example, it is pre- 
sumed that a user has attempted to access a-.site that 
requires a secure connection and.the certifying authority 
that issued the web site's certificate i^not recognized. 

2B [0048] As illustrated, in FIG. 18, a dialog box 290 is 
displayed in dialog area 116. Dialog box 290 warns the 
user that the certificate authority is unknown. In addition, 
the user is given the opportunity.to either connect to the 
web site or cancel the connection attempt using selecta- 

30 ble objects 292. . 

[0049] FIGS. 19-21. illustrate a modal approach , for 
handling security events using a second user- interface 
mode according to an embodiment of the invention. The 
second user interface mode generally corresponds to 

35 an advanced user mode. As illustrated in FIG.1 9, a di- 
alog box 294-is displayed in dialog area 11 6.. Dialog box 
294 warns the user that the certificate authority is un- 
known. In addition, the user is given the opportunity to 
either continue and specify options for establishing the 

40 connection or cancel the connection attempts using se- 
lectable objects 296. 

[0050] Selecting continue to specify options for estab- 
lishing the connection causes the user interface inter- 
action illustrated in FIG.. 20. A dialog box 298 informs 

45 the user about certificates and allows a user to view the 
certificate by selecting user interface object 300. Select- 
ling user interface object 300 causes certificate informa- 
tion to be viewed as, illustrated in FIG. 21 .-Specifically, 
in FIG; 2.1 ..certificate details are presented in a dialog 

so - box 302: A user may return to the display of FIG ; 20 by 
selecting a user interface object 304-in,FIG. 21 . 
[005.1] Referring again to FIG. 20, in addition to view- 
ing the certificate, a dialog box 306 provides several us- 
er options including accepting the certificate for this ses- 
■ 55 sion only, accepting the certificate for this and future 
sessions and showing a warning before sending infor- 
- mation to the web site. Finally.-a user may accept the 
selections or abort viewing the certificate by. selecting 
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user interface object 308. 

[0052] ; As is evident form the prior example, the modal 
approach described herein is applicable to both security 
preferences selected by a user, as well as user interface 
. activity generated in response to security events. Spe- s 
cifically, fora -given security event, such as attempting 
to connect to a web site that requires a secure connec- 
tion; a- user may be presented with different user inter- 
face objects, e.g. : dialog boxes, and different options, 
depending upon the particular user interface mode. This ., 10 
allows users of different skill levels and experience to 
successfully respond to a given security event. 
[0053] . Although embodiments of the invention have 
been illustrated- and described in the context of using 
two user interface modes to select security attributes, is 

: any- number of user interface.modes may be used and 
the invention is notjimited to a particular number of user 
interface modes. For example, three user interface 
modes corresponding to basic, intermediate and ad- 

. vanced security administration modes may be used. . 20 

IMPLEMENTATION MECHANISMS : . 

.[0054] The modal approach for selecting security 
preferences,, in, computer software as described. herein 2S 
.may be integrated into one or more computer software 
programs as part of the "front end," or may be imple- 
mented as a stand-alone process that interacts with oth- 
er software processes. The approach may be imple- 
mented using any number of sequences of instructions 30 
executing on a general purpose computer to provide the 
: necessary functionality on a computer user interface, 
.tfoweyer, the invention is not limited to .pure, software 
implementations. The approach may be implemented in 
hardware circuitry, in computer software, or a ccmbina- ; 35 
tion of hardware circuitry and computer .software. 
-,[0055] Figure 22 is a block diagram that illustrates a 
computer system 2200 upon which an embodiment of 
the invention may be implemented. Computer system 
2200 includes a bus 2202 or other communication 40 
mechanism for communicating information, and a proc- 
essor 2204 coupled with bus 2202 for processing infor- 
mation. Computer system 2200 also includes a main 
memory 2206, such asa random access memory (RAM) 
or other dynamic storage device-,; coupled, to bus 2202 . .45.. 
for. storing information. and inst ructions ; to be executed 
by processor 2204.,. Main memory 2206 also may be 
-used for storing temporary variables or other intermedi- 
ate information during execution of instructions to be ex- 
ecuted^ .processor 2204. Computer system 2200 fur- so 
ther includes a read only memory (ROM) 2208 or other 
static storage device coupled to bus 2202 for storing 
static information and instructions for processor 2204. 
A storage device.2210, such as a magnetic disk or op- 
tical disk, is provided and coupled to bus 2202 for storing ss 
information and instructions. 

[0056] • Computer system 2200 may be coupled via 
bus 2202 to a display 221 2, such as a cathode ray lube 



(CRT), for.disp laying information to a computer user. An 
input device. 221 4, .including alphanumeric and other 
keys, is coupled to bus 2202 for communicating infor- 
mation and command selections to processor 2204. An- 
other type of, user input device is cursor control 2216, 
such. as a mouse,, a. trackball, or cursor direction keys 
for communicating direction information and command 
selections to processor 2204 and for. controlling cursor 

, movement on display 2212. This input device .typically 
has two degrees of freedom in two axes, a first axis. (e. 

-,g., x) and a second axis (e.g., y), that allows the device 
to specify positions in a plane. 

[0057] The invention is related to the use of computer 
system 2200 for selecting security preferences in a com- 
puter program. According to one embodiment of the in- 
vention, selecting -security preferences in a computer 
program, is provided by computer system 2200, in re- 
sponse to processor 2204 executing one or more se- 
quences of one or more .instructions contained in main 
memory 2206. Such instructions,may.be read into main 
memory 2206 from another computer-readable medi- 
um, such as storage" device 2210. Execution of the se- 
quences of inst ructions, contained in'.maih memory 2206 
causes processor 2204 to perform the process steps de- 
scribed herein. One or more processors in a multi- 
processing arrangement may also be employed to exe- 
cute the sequences of instructions contained in main 
- memory 2206. In alternative embodiments, hard-wired 
circuitry may be used in place of or.in combination with 
software instructions to implement the invention. Thus, 
embodiments of the invention are not limited to.any spe- 
cific combination.of hardware circuitry and "software. . 
[0058] The term "computer-readable medium 0 as 
used herein refers to any medium that participates in 
providing instructions to processor 2204 for execution. 
Such a medium may take many forms, including but not 
limited to, non-volatile media, volatile media, and trans- 
. mission media. Non-volatite media includes, for exam- 
ple, optical or magnetic disks, such as storage device 
2210. Volatile media includes dynamic memory, such as ■ 
, main memory 2206. Transmission media includes co- 
axial cables, coppe^wire and fiber, optics, including the 
. wires that comprise bus 2202 : . Transmission media can 
.also take the form of acoustic or light waves,. such as 
; those generated during radio wave, and' infrared data 
commun teat ion s, . " ['^^ ^ ir . . .1 / 
[0059] Common forms of computer-readabj'e.~niedia 
include, for. example, a floppy disk, a flexible disk, hard 
disk, magnetic tape, or any other magnetic medium, a 
CD-ROM, any other optical medium, punch cards, pa-. .. 
per tape, any other physical medium with patterns of 
holes, a RAM, a PROM, and EPROM, a^FLASH- 
..EPROM, any other memory chip or cartridge, a carrier 
wave as described hereinafter, or any other. medium 
-from which a computer can read. 
, [0060] various forms of computer readable media 
may be involved in carrying one or more sequences of 
one or more instructions. to processor 2204 for execu- 
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tibn. For example, the instructions may initially be car- 
ried on a magnetic disk of a remote computer. 1 The re- 
mote computer can load the instructions into its dynamic 
memory and send the instructions over a telephone' line 
using a modem. A modem local to computer system 
2200 can receive the data on the telephone line and use 
ah infrared transmitter to convert the data to an infrared 
signal. Ah infrared detector coupled to bus 2202 can re- 
ceive the data carried in the infrared signal' and place 
the data on bus 2202. Bus 2202 r carries the data to main 

'memory 2206, from which processor'2204retrieves and 
executes the instructions. The instructions received by 
main memory 2206 may optionally be stored on storage 
device 2210 either before or after execution by proces- 
sor 2204."-' ' ' 
[0061] " Computer system 2200 also includes a com- 
munication interlace 2218 coupled to bus 2202. Com- 
munication interface 2218 provides a two-way' data 
communication coupling to a network link 2220 that is 
connected to a local network' 2222. For example, com- 
municatioh'interface ! 22l8 may be an integrated servic- 
es digital network {ISDN) card or a modem to provide a 
data communication connection to a corresponding type 
of telephone line. As another example, communication 
interface 2218 may be a local area network (LAN) card 
to provide a data" communication connection to a com- 
patible LAN. Wireless links may also be implemented, 
in any such implementation, communication interlace 
2218 sends arid receives electrical; electromagnetic or 
optical signals that carry digital data streams represent- 
ing various types of information. 
[0062] Network link 2220 typically provides data com- 
munication through one or more networks to other data 
devices. For example, network link 2220 may provide a 
connection through local network 2222 to a host com- 
puter 2224 or to data equipment operated by an Internet 
Service Provider (ISP) 2226. ISP 2226 in turn provides 
data communication services through the worid wide 
packet data communication network now commonly re- 

' f erred to as" the "Internet " 2228. Local network 2222 and 
Internet 2228 both use electrical, electromagnetic or op- 
tical signals that carry digital data streams. The signals 
' through' the various networks and the' signals oh network 
link 2220 and through communication interface 2218, 

' which' carry the digitafdata'to and f rom computer system 
2200, are exemplary forms of carrier waves Ua'nsf3ortihg 

^' the information.' : ' /* '°' * *' 5 "''*'. ' 

: [0063] Computer system '2200 can send messages 
and receive data, including program code, through the 
network(s), network link 2220 and communication inter- 
face 2218. In the Internet example, a server 2230 might 
transmit a requested code for an application program 
through' Internet 2228, ISP 2226, local network 2222 
and communication interface 2218. In accordance with 
the invention, one such downloaded application pro- 
vides : f or selecting security preferences in a computer 
program a's described herein. 

[0064] The received code may be executed by proc- 



essor 2204 as it is received, and/or stored in storage 
device 2210, or other non-volatile storage for later exe- 
cution: In this manner, computer- system 2200 may ob- 
tain application code in the form of a carrier wave. 

$ [0065] The approach described herein- for selecting 
security preferences provides several advantages over 
prior approaches. The modal approach allows twb-or 
more user interface modes to be tailored to attributes of 
users. This can greatly" reduce the number of security 

io attributes presented to less experienced users,- making 
selecting security attributes less complex and less con- 
fusing. The modal approach also allows security prefer- 
ences to be prioritized based upon which security pref- 
erences are presented to a user. In addition; the modal 

is approach provides a higher level of security by automat- 
ically selecting" certain security attributes on : behalf -of 
less experienced users to provide a relatively high level 
of user protection and by limiting the security preferenc- 
es that a user can select. * • ^ ' ■ - ' 

20 [0066] In- the foregoing ■ spec i Heat iotV' the invention 
has been described with reference to specific embodi- 
ments thereof. It will, however, be evident that various 
modifications and changes may be made thereto with- 
out-departing from the broader spirit and scope of the 

25 invention. The- specification and drawings' are accord- 
ingly, to be regarded 'in an illustrative rather than a re- 
strictive sense. : ' * : ' 



30 Claims ■ ! '" ' 

1 . A method for selecting security preferences in com- 
puter software, the method comprising the compu- 
ter-implemented steps of: ( 



35 



40 



' 45 



SO 



55 



displaying a first user interface object via" a user 
interface, wherein the first user interface object 
is associated with a first user interface mode in 
"which a first set of one or more user interface 
objects is available for selecting" the security 
preferences; 

displaying a second user interface object via 

- the user interface, wherein the second user in- 
'* terface object is associated with a second user 

- interface mode' in which a second set of one or 
more user interface objects is available for se- 

- lecting the security prelerences; 

" wp "' detecting a user interaction associated with the 
: user interface; ,l '• .- >r - ■ *" ! *'"" 
' determining whether the user interaction is asr. 

- sociated with either the first user interlace ob- 
ject or the second user interface object;* 

' if the user interaction is associated with the first 
user interface object, then initiating" the first us- 
er interface mode; and 

if the user interaction is associated with the sec- 
' ond user interface- object, then initiating the 

- " second user interface mode. * 
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2. The method as recited in Claim 1 ;-whereirv v 

the first user interface mode corresponds to a 
first value of a particular user attribute, and 
the second user interface mode corresponds to 
a second vaiue of the particular user attribute. 

3. The method as recited in Claim 2, wherein: 

-i 

" the first value of the particular user attribute cor- 
responds to a first user experience level, and 
the second value of the particular user attribute 
: corresponds to a second user experience level. 

4. The method as recited in Claim 1 , wherein the step 
of initiating the first user interface mode includes 
displaying the first set of one or more user interface 

- objects via the user interface and the step of initiat- 
ing'the second user interface mode, includes dis- 
playing the second set of one or more user interface 
objects via the user interface. 

. .' j. . 

5. The method as-recited in Claim 1 , wherein the com- 
puter software is an Internet browser. 

6. The method as recited in Claim 1-,- wherein the step 
of initiating the first user interface mode includes 
displaying the first set of one'or more user interlace 
objects via the user interface in response to a se- 
curity event and the step of initiating the second us- 
er interface mode includes displaying the second 
set of one or more user interface objects via the user 
interface in response to the security event. 

7. A computer-readable medium carrying one or more 
sequences of one or more instructions for selecting 
security preferences in computer software, the one 
or more sequences of one or more instructions in- 
cluding instructions which, when executed by one 
or more processors, cause the one or more proces- 
sors to perform the steps of: 

displaying a first user interface object via a user 
interface, wherein the first user interface object 
is associated with a first user interface mode in 
which a first set of one or more user interface 
objects is available for selecting the security 
preferences; 

displaying a second user interface object via 
the user interface, wherein the second user in- 
terface object is associated with a second user 
interface mode in which a second set of one or 
more user interface objects is available for se- 
lecting the security preferences; 
detecting a user interaction associated with the 
user interface; 

determining whether the user interaction is as- 
sociated with either the first user interface ob- 



ject or the second user interface object; 
. • - if the user interaction is associated with the first 
* • user interface object,- then initiating the first us- 
*i « . er interface mode; and 
5 - _-. . if the user interaction is associated with the sec- 
ond user interface object, then initiating the 
second user interface mode. 

8. The computer-readable medium as recited in Claim 
10 7, wherein: 

the first user interface mode corresponds to a 
j first value of a particular user attribute, and 
the second user interface mode corresponds to 
75 ■ t a second value of a particular user attribute. 

9. ; -The computer-readable medium as recited in Claim 

6, wherein: - 

20 the first value of the particular user attribute cor- 

responds to a first user experience level, and 
the second value of the particular user attribute 
corresponds to a second user experience level. 

2S 10. The computer-readable medium as recited in Claim 

7, wherein the step of initiating the first user inter- 
face mode includes displaying the first set of one or 
more user interface objects via the user interface 
and the step of initialing the second user interface 

30 mode includes displaying the second set of one or 
more user interface objects via the user interface. 

11 . The computer-readable medium as recited in .Claim 
7, wherein the computer software is an Internet 

35 browser. 

12. The computer-readable medium as recited in Claim 
7, wherein the computer-readable medium is a car- 
rier wave. 

40 . - 

13. The computer-readable medium as recited in claim 
7,. wherein the step of initiating the first user inter- 
face mode includes.displaying the first set of one or 

^ more user interface objects via the user interface in 
•45 ... response to a security .event and the step of. initiat- 
ing the second user; interface. mode includes dis- 
playing the second set of one or more user interface 
:-■ 1 objects via the user interface in response to the se- 
- curity event. -,, 

so 

■ 14. A computer system comprising: 
a.user interface; 

a first user interface object displayed via the us- 
er interface, wherein the first user interface ob- 
ject is associated with a -first user interface 
mode in which a first set of one or more user 
interface objects is available for. selecting secu- 
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nty preferences- and ' 

a second user interface object displayed via the 
user interface, wherein- the second user inter- 
face object is associated with a second user in- 
terface mode in which -a second set of one or 
■ more user interface objects is available for se- 
lecting the security preferences, ■ . 

wherein the computer system is config- 
ured to 

detect a user interaction associated with 
. the user interlace, 

^ determine whether the user interaction is 
associated' with either the first user inter- 
- face object or the second user interface ob- 
ject, 

- if the user interaction is associated with the 

first user interface object, then initiate the 
first user interface mode, and 
if the user interaction is associated with the 
second user interface' object, then initiate 
the second user interface mode. 

1 5. The computer system as recited in Claim 1 4, where- 
in: ■ ■' ■ ■ ■ 

1 the first user interface mode corresponds to a 
first value of a particular user' attribute, and 
the second user interlace mode corresponds to 
a second value of a particular user attribute. 

16. The computer system as recited in Claim 1 5, where- 

^ in: " - 
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20. A method for handling a security event in computer 
software, the method comprising the computer-im- 
plemented steps of: 

. detecting a security event; 
• - determining whether a first.user interface mode 
or a second user interface mode has been se- 
lected; •' . - * - r ~. ~ : n ■ 
if the first user interface mode has been select- 
ed, then displaying one or more user interface 
objects associated with the first user interface 
mode to notify a user that the security event has 
occurred and to provide one or more options for 
responding to the security event; and 

* if the second user interface mode has been se- 
lected, then displaying one or more user, inter- 
face objects associated with the second user 
interface mode to notify the user that the secu- 
rity event has occurred and to provide , one or 
more options for responding to the security 
event, 

wherein the first and second user interface 
modes, correspond generally .to different user 
experience levels.. r, . 

21: A computer program comprising computer code to 
, perform the method according to any. one of claims 
■ 1 to 6 or 20 when run on a computer. 



the first value o! the particular user attribute cor- 
responds to a first user experience level, and 
the second value of the particular user attribute 
corresponds to a second user experience level. 

1 7. The computer system as recited in Claim 1 3, where- 
in the step of initiating the first user interlace mode 
' includes displaying the first set of one or more user 
interface objects via the user interface and the step 
of initiating the second user interface'mode includes 
displaying the second set of one "or more -user inter- 

"" '-face objects via'the~ user interface: • - " r 
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1 8. The computer system as recited in Claim 1 3, where- 
in the computer soltware is an Internet browser. 

19. The computer system as recited in claim 1 3, where- 
in the step of initiating the first user interface mode 
includes displaying the first set of one or more user 
interface objects via the user interface in response 

• ■ to a security event and the step of initiating the sec- " 
; ■ ond user interface mode includes displaying the 
■ second set of one or more user interface objects via 
the user interface-in response to the security event. 
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Applets and JavaScript 

Many web sites contain Java applets and JavaScript, which 
are programs that are run on your system when you access 
a web site. These programs can perform actionsisuch as 
reading and writing to files on your system that you may want 
to control. 

This browser allows you to set the security models for three - 
types of programs: Java applets, signed Java applets and 
JavaScript 

In addition, you can set up special cases on a per web site'; 
software publisher certificate or certifying authority basis. 
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Applets 

Applets are Java Programs that run on your system and can 
perform operations such as reading and writing files. 

Specify the mode in which you would like unsigned Java 
applet to run: 
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Blocked: 

Do not run unsigned Java applets. 
Restricted: 

Run unsigned Java applets within secure 
contrants. Block restricted actions such as 
reading or writing a file on the local disk. 

Ask First 

Run unsigned Java applets within secure 
constraints. Ask me for permission before 
performing restricted actions. 
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To override this setting, go to the Special Cases pane*. ! 
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Signed Applets 

A signed Java applet contains the digital signature and 
certificate of the software distributor. This protects the code 
from tampering. It does not guarantee that the code will 
work or be safe to use. 

Specify the mode in which you would like unsigned Java 
applet to run: 




O 
® 



Blocked: 

Do not run unsigned Java applets. 
Restricted: 

Run unsigned Java applets within secure 
contrants. Block restricted actions such as 
reading a writing affile on your system. 

Ask First 

Run unsigned Java applets within secure 
constraints. Ask me for permission before 
performing restricted actions. 
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■ To override this setting, go to the Special Cases panel. 
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JavaScript 

JavaScript scripts are programs that run on your system 
and can perform operations such as reading and wirting 
files. 

Specify the mode in which you would like to run: 
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Blocked: 

Do not run unsigned Java applets. 

f , - - 

Restricted: . ( 

Run unsigned Java applets within secure 
contrants. Block restricted actions such as 
reading or writing a file on the local disk. 

Ask First 

Runjinsigned Java applets within secure 
constraints. Ask me fcr permission before ' 
performing restricted actions. ? 



To override this setting, go to the Special Cases panel. ; 
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This browser lets you override the security modes for Java : 
applets, signed Java applets and JavaScript on a per web i^SS 
site, software publisher certificate a certifying authority basis. . 



. Basic: 



Security Mode: 
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Basis for Special Case: 

O Applets and JavaScript at this web site: 



-116 



O Applets and JavaScript signed with this software publisher 
certificate: - 



O Applets and JavaScript whose certificates are issued by 

this certifying authority: - 

■ I v I 

Security Mode fa Special Case: 

O Blocked: ..J, 
Do not run unsigned Java applets. 

O Restricted: 

Run unsigned Java applets within secure . " ■ . 
constraints. Block restricted actions such as 
reading or writing a file on the IccaJ disk. 

O Ask First 

Run unsigned Java applets within secure , . 
constraints. Ask me for permission before 
performing restricted actions. 

O Unprotected: 

Applets and JavaScript can read and write to your system. 
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WebSites 

Some web sites use secure connections to transfer information 
to and from your system.. This is especially common for web sites 
that handle monetary transactions such as online shopping. 

Web addresses for secure web sites start with tittps://" . This * - - 
specifies that SSL (Secure Sockets Layer) will be used for- 
transferring information. SSL protects your data from tampering 
or viewing during transmission. 
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Warnings 



Show A Warning Before: 
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Entering a Secure Web Site - * - . : 
Leaving a Secure Web Site 
Sending Data to a Secure Web Site 1 * • ' 
Sending Data to an Unprotected Web Site I . 
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SSL 



Ciphers are algorithms that are used to encrypt and decrypt 
information being transmitted. Some ciphers are more secure 
than others. 

Select the ciphers that this browser should use when malting 
! a secure connection. ^ 
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Certificates 

This browser stores three types of certificates: certifying authorities, 
web sites and software publishers. 

Certificates are used by this browser for two secure activities: 

1 . Accessing a secure web site (using the https protocol). 

2. Running, a signed Jave applet 

Secure Web, Sites'/ 

When a secure web site is i encountered, the browser checks to 
see if the certificate associated with the secure web site was issued " 
by a trusted pertif^ authcfir^ 
certifit^isalre^ instajled. ' 

If the certifying authority is trusted, then the browser gives you access 
to the secure web site. Otherwise, you will be asked whether you want 
to trust this web site anyway. If you answer yes and trust trife web site 'fori 
this and future sessions, its certificate will be added to the Web Site 
certificates known by the browser. 

Signed' Java Applets " ;t 1 ! 

When a signed Java applet is encountered, the browser, checks to 
see if the certificate associated with the signed Java applet was 
issued by a trusted certifying authority. 

If the certifying authority is trusted, then the browser allows the signed 
Java applet to run under the security mode specified in the Signed 
Applets panel of this dialog. Otherwise, you will be asked whether 
you want to trust this software publisher anyway. , If you answer yes 
and trust this software publisher for this and future sessions, its 
certificate wfll be added to the Sof^re Publisher certifkates; 
known by the browser. 
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^Certifying Authority Certificates ; 

This is a list of certificates of the Certifying Authorities that are 
trusted by this browser. Certifying Authorities issue the signed : 
certificates that web sites use to indicate that their site on Java > 
Applet is trustworthy. 



-116 



Thawte Personal Premium r 
Verisign Class 3 Primary CA 



| view Certrificate : \_ ^ Import _ _ v j. ' \ _ . _ .Ctejete^ _'f 



282 



284 



27 

BNSDOCID: <EP 1 046977 A 2_l_> 



BP 1 046 977 A2 



FIG. 16 



100 

\ 



110 

200- 

'202- 
204 
206- 
208- 
210 

212- 
214 
216- 
218- 

220- 
222- 

224- 



SECURITY 'ADMIM STRATION MODE:' 



O Basic 

' "Y *" 
- -102 



O Advanced 



"T" 

106 



: Cookies. : 

• Applets/JavaScript 
— : Applets : 
4^: Signed Applets ; 

Java Script 
; — :;Special Cases,. I 
r. Web.Sites . : . . 
— : Warnings : 
— : * SSL V ' ; 

• Certificates ; 
■ — : Certifying Authorities : 



WebSites 



- Software Publications : 



Web Site Certificates 

The certificates in this list are from secure Web Sites you have 
accessed. Web site certificates are added to this list when you 
permanent!/ accept a certificate from a secure Web Site whose 
certificate issuer is not a trusted certifying authority. 
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View Certificate ; Delete 
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Software Publisher Certificates .. 

The certificates in this list are from signed Javaapplets you 
have accessed. Software publisher certificates are added to 
this list when you perrnanentty accepta certificate from a Signed 
Java applet whose certificate is not a trusted certifying authority. 
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Warning: Unknown Certificate Authority 






The web she you have requested to access requires a secure 
connection in order to transmit information. 






This browser does not recognize the certifying authority that 
©sued the web ste's certificate. * ' ■ 




i 


If you are unsure about the integrity of this web site, you may 
not want to send information to it especially credit card 
numbers, passwords or other information you want to protect 






Do you wish to establish the connection anyway? 






Connect- Cancel 
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Warning: Unknown Certificate Authority 






The web site you have requested to view requires a secure ^ 
connection in order to transmit information. 






This browser is unable to authenticate this server, it does hot 
recognize the certifying authority which issued this web site's 
certificate. . ,■ ■ ; . • v: k 






To specify options for. establishing fie connection anyway, 
select Continue. 






Continue Cancel 
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information from and send information to this website. The 
information is encrypted to protect it from being viewed by ' 
third parties. 



If you are unsure about the integrity of this web site, you 
.may not want to send information to it, especially credit ' 
card numbers, passwords or other information you want to 
protect 



: View Certificate 




Accept this certificate for 
® this session only 
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show warning before sending information to this web' site 




OK 



Cancel 
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View Certificate-Unknown Certifying Authority 



The web site you have requested to access has presented 
the following certificate. The boxed region shows the certifying 
authority that is not recognized by this browser. 

Certificate Owner * 
ABC.com. . 

Certificate Issuer 

XYZ Server .. ; ~ , v 

Dates Valid For 

1/28/99-12/31/1999 

: Serial Number : - > ■' 

. 122223444 . — ' v 

Fingerprint 
3ciy2:ss:13:9i:of:33. "• 



Close 
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